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NVT2 • Background 




Program Name: NVT-2 (Information Assurance for the Next Generation 
Information Infrastructure BAA) 

Customer: DARPA/ISO/lnformation Infrastructure/Information Assurance 

Program Manager: O. Sami Saydjari (on assignment from NSA) 

Program Value: $1M, 18 month schedule, CP/LOE 
3 1 -month options for ACTD Support 
($1 1M confirmed in pool, expect at least 8 awards) 
Usually MIPR to RL for execution 

Schedule: 10 September- Announcement 
30 October - proposal submittal 
1 5 December - initial contractor selections expected 
28 February - contract award 
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Scope of Work 
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• Building off of the NVT Study: 

•Augment NVT prototype with new functionality: 

•temporal based reasoning 

•vulnerability thresholds 

•reasoning with uncertainty or incomplete data 
•Incorporate vulnerability databases: 

•SEI/CERT Database 

•STAT from GCSD 

•Possibly later version of RAM 



NVT Concept 
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Deliverables: Technical reports/research papers 
POr ft month inrmmen fal prntntypps tn mmpletio n. 
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NVT Architecture 




Answer 
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Cost Approach MAtlJRMS 
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• Scientific and Technical l^erit 

• Potential contribution and relevance to DARPA Mission 

• Capabilities & related experience 

• Plans and capability to accomplish technology transition 

• Best Value 

Cost Strategy: 

Technically superior, can't live without it, priced in 
line with historical value of previous awards ($1M -1.2M) 

Best resource mix over life of program: 
Travel 
Materials 
Labor 
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Proposal Schedule 



„ „ „ &in 97. *fi8 I Oct 4. '98 1 Oct 11. '98 ~i Oct 18, "98 

ID Task Name 
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Leverage Network Vulnerability Tool (NVT) 

• Sizeable advantage/funded headstart 

• RL study (RL is DARPA's agent for this technology) 

• Quarterly review in July -- with interested organizations 

• DARPA Feedback 

•'You have enough ideas here to fund a major DARPA 
program by yourself 

• Only non-DARPA sponsored attendee at DARPA workshop 

• Feedback side session with Sami 
•Competing Program: lOPS for ESC unawarded 

• Possibly include a HPKB consultant for correctness 

• Incorporate GCSD's STAT vulnerability database 
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Competive Assessment 



§f/UUUS 
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Awards on merit — no head to head competition 
Probable submitting companies 

• Boeing 

• GTE/BBN 
•SRI 

• TIS Labs ©Network Associates 

• Trident Data Systems? 



WIN THEMES 
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We have been conducting ongoing research in this area for 2 years. 

NVr provides a clean, modular frameworic, readily expandable. 

No one tool can cover everything, so why not use multiple tools to get 
a better answer? 

With the enhancements ofNVTZ, the environment can be: 
a design tool for new networks 
an assesment tool for existing networks 
a way to prioritize problems 
a predictive IW probability of attack tool 

New technological developments/threat models fit 

Application of message understanding, data fusion, and KBMS 
technologies is innovative in the lA domain - and we've been doing it! 
Not a shotgun wedding ^ 



Long term vision 



• NVT becomes the standard vulnerability environment 

• Combines GOTS/COTS Into unique capabilities 

• CORE technology for ISO/IA 

• Before every system gets turned on, 

• Use NVT to validate risk posture 

• Eventual Inclusion as NGII standard environment 
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Proposal Asslgnments/Pgs. , ^^l^SSE 



Section 


Pg Count 


Author 


A. Cover Page 


1 


Henning 


B. Exec Summarv 


1 


Hennina 


C. Proposal Roadmao 




Henning 


D. Cost & Fee RoII-ud 




Hennina/Phan 


E. Innovative Claims 




Hennino/Fox 


F. Sow 


20 


Henninq/Fox/Neyland 


G. Results 


1.5 


Fox 


H. Milestones & 
Schedule 




Fox 


1 Technical Plan 


8 


Hennina/Fox 


J. Demo& Integration 


1.5 


Henning 


K. Relevant Capabilities 


5 


Neyland 


L. Management App. 


5 


Neyland 


M. GFE/GFI 


.5 


Hunter 


N. Proprietary Claims 


.5 


Hunter 



Risks/Mitigation 
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Risk 


Probability 


Mitigation Strategy 


NVT Prototype fails to 
meet expectation 


Low 


Manage expectation through 
orototvoe reolan (in oroaress) 


Unable to transfer 
hardware from NVT 1 


Moderate 


State in assumptions, add to 
materials pool (<$30K) 


Using tool on a "real" 
ISO oroaram 


Low 


Use positions on DDB & AVS 
to aain architecture knowledae 
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Award Criteria: Integrate existing and emerging technologies or fill the 
current identified gaps, and be able to accommodate 
new/emerging technologies. 

Identified 6 Technology areas: 

1 . Advanced Boundary Controllers 4. Malicious Code Detection 

2. Monitoring and Threat Detection 5. Risk Management^DSS 

3. Vulnerability Assessment 6. Response and Recovery 

Key: Relevance to other programs in ISO: 

JFACC AIM AlCE DMIF 

ALP GENOA AVS 

JTF-ATD BADD DDB 

Integration of results from DARPA/NSA 
NOTE: NSA CRADA for NVT pending 
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CDRL List 
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• Monthly cost and status 

• Major build reports 

• Lessons learned fronn demo tasks 

• Final report 

• Draft & final user's documentation 

• Prototype system as residual 
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Cost Volume Data 
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NVT2 - CP/LOE, Study 



Software - LOE, organic study 

Only prior history is NVTl (ongoing) 
Analogous programs -- ART-X, ENDS, IA4DB 

Hardware - Generic Windows NT PCs. 

CDRLS - 

•Monthly cost and status - 20 pg. 

• Major build reports 20 pg. 

• Lessons learned from demo tasks 20 pg 

• Final report - 75 pg. 

• Draft & final user's documentation 100 pg. 

• Prototype system as residual 



Project Schedule 
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Task Namo 



Jan I Feb! MaT 



Apr I May I Jun 



Jul I Augl Sep 



Oct 1 Nov| Dec 



Jan I Fab I Mar 



2nd Quarter 

Apr I Mayl Jun 



3rd Quarter 



Jul IAuqI Sep 



4th Quarter 

Oct I Nov| Dec 



let Quarter 

Jan I Febj Mar 



Program Startup 
pTt)gram Kickoff 

BiiTdr 

Build 3 

Month^ Cost'& Stati 

Final Report 



Quarterly Meeting 

PI Meeting 
PI Meeting 
PI Meeting 
Demo Support 
Demo Support 
Demo Support 



46 
47 
48 
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Proiect Organization/Mgmt ^^ISS!^ 



R. Henning 
Program Manager 



Technology Consulting j_ 
Board 



K. Fox 
Project Engineer 



S.Hunter 
Contracts 



j C. Miller 


John Farrell 




L. Jackson 


j SW Engineer 


j SW Engineer 




SW Engineer 



L. Phan 
Finance 



Manage as an organic study. Get our technology board 
to brainstorm/exchange ideas, etc. 
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Travel 
05 


01-01-05 




01-05-02 




01-05-03 




01-05-04 








01-05-06 




• Assume we can keep the NVT development env. 

•If DARPA MIPRS to RL, could be ECP to NVT-1 

•Or, transfer of equipment (HW & SW Licenses) 
•Means the program hits the ground running, no lead time lost 
•Otherwise, impact to program of 2-3 down months 

•Waiting for HW/SW to appear after startup. 
•Availability of SEI/CERT data in usable form 

•DARPA/RL funding CERT to put data in relational format. 

•Data must be available 

•Fallback grab the web pages 
•crude version at best. 



Program Meetings 
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Program Kickoff 

Quarterly Status (face to face) 

•alternating sites 

Monthly VTC/Telecons 

Every Six Months - PI meetings 

•VTC/Telconference as needed 

Demo Support 

•30 day scheduled option 

•at completion of each functional build 



Cost Targets 
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• Study rates 

• All travel assumed to DC 

• Labor hours need for: 

•PM 
•Admin 

•Engineering Support 
•Materials 
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Cost Bid instructions 
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• Creative fictional BOEs 

• Capital - none required 

• Travel - To DC from Melbourne 

• VTC - ?? 

• Materials - List due by 13 October 

•HW 

•SW packages 

•SW upgrades/maintenance 



Finance Assumptions 
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• No capital required 

•Transfer of development hardware from NVT 

• Materials to bid: 

• Extra development workstation/sw license ($7k) 

• SW License maintenance pool ($15K) 

• Study rates (no hardware/software deliverables) 
•Fee® 10-12% 



